OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: Fwd: Any user can panic OpenBSD machine

Re: Fwd: Any user can panic OpenBSD machine

Peter W (peterwCLARK.NET)
Tue, 28 Jul 1998 12:38:26 -0400

On Mon, 27 Jul 1998, Theo de Raadt wrote:

> However, this bug does not by itself provide anyone with a way to gain
> elevated priviledges and greater control of the system.  That is what
> most of us normally call an 'exploit', or has the lingo changed
> recently?

> > Black hats distribute these kind of exploits quickly.  Let's make sure a
> > few white hats know about them too.
>
> Black hats distribute information on how to crash systems?  I thought
> they were concentrating on breaking root.

As any student of warfare might tell you, if you can't capture the enemy
flag you can at least try to destroy his headquarters.

As an admin I want my systems to function as intended, 24x7. This means
*both* that the administration not be usurped, and the system must remain
available. No crashes, no Denial of Service attacks, etc. I'd even venture
to say MANY of us would rather have a benign cracker gain root and not
misuse it than have the system rendered inoperable. May not be right, but
that's how it is. I'd prefer that bugtraq continue to publish reports on
DoS and crashing vulnerabilities.

-Peter
http://www.clark.net/~peterw/